On Thu, 2008-07-31 at 14:34 +1000, Chris Samuel wrote:
> Here's a curly one..
>> We are helping a Uni set up a Linux cluster (CentOS 5
> based) and we've found out that they have two separate
> Active Directory instances, one for staff and one for
> students.
>> They want the cluster to be able to authenticate against
> both, as users might be on either service.
>> They have assured us that we can just their ADSs as
> if they are LDAP servers, which is OK, but it looks
> like Linux doesn't really want to know about using
> multiple LDAP servers except in a failover/round-robin
> situation.
>
Funnily enough we used to do something similar here. Falling through
from the main campus LDAP (on an e-directory cluster) to the LDAP in
Computer Science.
It required some patches to nss_ldap to make it work properly and the
pam config was a little bit tricky, but it did work.
I still have that config up and running on some of my older machines so
I can hunt down the config and patches if it would be useful.
Thanks,
Huw
--
Huw Lynes | Advanced Research Computing
HEC Sysadmin | Cardiff University
| Redwood Building,
Tel: +44 (0) 29208 70626 | King Edward VII Avenue, CF10 3NB